Microsoft Denies Xbox 360 Security Hole

Think your personal information, including credit card data, can’t be retrieved from your old Xbox 360 video game console? Think again. According to a new report, university researchers were able to access just this kind of information after acquiring a refurbished Xbox 360 system.

The report comes to us from Drexel and Dakota State university researchers, who note that they used a special software tool to dig into the file system of a used Xbox 360. While it was by no means easy, eventually the team was able to acquire credit card data.

Stunningly, it seems the researchers made Microsoft aware of the problem last year, but were rebuffed by the Redmond-based company. Only when the report finally made it online last week did Microsoft offer up the following statement:

“We are conducting a thorough investigation into the researchers’ claims.”

However, the firm remains convinced that there’s nothing to worry about.

“Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described,” the representative said, adding that, “when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.”

For their part, the researchers insist their report is not flawed and offer this criticism in it:

“Microsoft does a great job of protecting their proprietary information, but they don’t do a great job of protecting the user’s data.”

And so, it remains somewhat unclear as to whether or not this is something Xbox 360 users should be concerned about or not. Regardless, it’s probably smart to follow up on the research team’s suggestion that, in the event one sells their Xbox 360, they use sanitizer software to clean all information from the hard drive.